mirror of
https://github.com/minio/minio.git
synced 2025-11-09 13:39:46 -05:00
check for quorum errors for DeleteBucket() (#16859)
This commit is contained in:
Harshavardhana
GitHub
@@ -38,11 +38,11 @@ cat > repladmin-policy-source.json <<EOF
|
||||
]
|
||||
}
|
||||
EOF
|
||||
mc admin policy add source repladmin-policy ./repladmin-policy-source.json
|
||||
mc admin policy create source repladmin-policy ./repladmin-policy-source.json
|
||||
cat ./repladmin-policy-source.json
|
||||
|
||||
#assign this replication policy to repladmin
|
||||
mc admin policy set source repladmin-policy user=repladmin
|
||||
mc admin policy attach source repladmin-policy --user=repladmin
|
||||
|
||||
### on dest alias
|
||||
# Create a replication user : repluser on dest alias
|
||||
@@ -90,11 +90,11 @@ cat > replpolicy.json <<EOF
|
||||
]
|
||||
}
|
||||
EOF
|
||||
mc admin policy add dest replpolicy ./replpolicy.json
|
||||
mc admin policy create dest replpolicy ./replpolicy.json
|
||||
cat ./replpolicy.json
|
||||
|
||||
# assign this replication policy to repluser
|
||||
mc admin policy set dest replpolicy user=repluser
|
||||
mc admin policy attach dest replpolicy --user=repluser
|
||||
|
||||
# configure replication config to remote bucket at http://localhost:9000
|
||||
mc replicate add source/bucket --priority 1 --remote-bucket http://repluser:repluser123@localhost:9000/bucket \
|
||||
|
||||
@@ -29,11 +29,11 @@ sleep 2
|
||||
./mc admin user add myminio/ minio123 minio123
|
||||
./mc admin user add myminio/ minio12345 minio12345
|
||||
|
||||
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
|
||||
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
|
||||
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
|
||||
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
|
||||
|
||||
./mc admin policy set myminio/ rw user=minio123
|
||||
./mc admin policy set myminio/ lake,rw user=minio12345
|
||||
./mc admin policy attach myminio/ rw --user=minio123
|
||||
./mc admin policy attach myminio/ lake,rw --user=minio12345
|
||||
|
||||
./mc mb -l myminio/versioned
|
||||
|
||||
|
||||
@@ -24,11 +24,11 @@ sleep 2
|
||||
./mc admin user add myminio/ minio123 minio123
|
||||
./mc admin user add myminio/ minio12345 minio12345
|
||||
|
||||
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
|
||||
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
|
||||
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
|
||||
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
|
||||
|
||||
./mc admin policy set myminio/ rw user=minio123
|
||||
./mc admin policy set myminio/ lake,rw user=minio12345
|
||||
./mc admin policy attach myminio/ rw --user=minio123
|
||||
./mc admin policy attach myminio/ lake,rw --user=minio12345
|
||||
|
||||
./mc mb -l myminio/versioned
|
||||
|
||||
|
||||
@@ -26,11 +26,11 @@ export MC_HOST_myminio="http://minioadmin:minioadmin@localhost:9000/"
|
||||
./mc admin user add myminio/ minio123 minio123
|
||||
./mc admin user add myminio/ minio12345 minio12345
|
||||
|
||||
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
|
||||
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
|
||||
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
|
||||
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
|
||||
|
||||
./mc admin policy set myminio/ rw user=minio123
|
||||
./mc admin policy set myminio/ lake,rw user=minio12345
|
||||
./mc admin policy attach myminio/ rw --user=minio123
|
||||
./mc admin policy attach myminio/ lake,rw --user=minio12345
|
||||
|
||||
./mc mb -l myminio/versioned
|
||||
|
||||
|
||||
@@ -25,11 +25,11 @@ export MC_HOST_myminio="http://minioadmin:minioadmin@localhost:9000/"
|
||||
./mc admin user add myminio/ minio123 minio123
|
||||
./mc admin user add myminio/ minio12345 minio12345
|
||||
|
||||
./mc admin policy add myminio/ rw ./docs/distributed/rw.json
|
||||
./mc admin policy add myminio/ lake ./docs/distributed/rw.json
|
||||
./mc admin policy create myminio/ rw ./docs/distributed/rw.json
|
||||
./mc admin policy create myminio/ lake ./docs/distributed/rw.json
|
||||
|
||||
./mc admin policy set myminio/ rw user=minio123
|
||||
./mc admin policy set myminio/ lake,rw user=minio12345
|
||||
./mc admin policy attach myminio/ rw --user=minio123
|
||||
./mc admin policy attach myminio/ lake,rw --user=minio12345
|
||||
|
||||
./mc mb -l myminio/versioned
|
||||
|
||||
|
||||
@@ -41,7 +41,7 @@ EOF
|
||||
Create new canned policy by name `getonly` using `getonly.json` policy file.
|
||||
|
||||
```
|
||||
mc admin policy add myminio getonly getonly.json
|
||||
mc admin policy create myminio getonly getonly.json
|
||||
```
|
||||
|
||||
Create a new user `newuser` on MinIO use `mc admin user`.
|
||||
@@ -53,7 +53,7 @@ mc admin user add myminio newuser newuser123
|
||||
Once the user is successfully created you can now apply the `getonly` policy for this user.
|
||||
|
||||
```
|
||||
mc admin policy set myminio getonly user=newuser
|
||||
mc admin policy attach myminio getonly --user=newuser
|
||||
```
|
||||
|
||||
### 3. Create a new group
|
||||
@@ -65,7 +65,7 @@ mc admin group add myminio newgroup newuser
|
||||
Once the group is successfully created you can now apply the `getonly` policy for this group.
|
||||
|
||||
```
|
||||
mc admin policy set myminio getonly group=newgroup
|
||||
mc admin policy attach myminio getonly --group=newgroup
|
||||
```
|
||||
|
||||
### 4. Disable user
|
||||
@@ -107,13 +107,13 @@ mc admin group remove myminio newgroup
|
||||
Change the policy for user `newuser` to `putonly` canned policy.
|
||||
|
||||
```
|
||||
mc admin policy set myminio putonly user=newuser
|
||||
mc admin policy attach myminio putonly --user=newuser
|
||||
```
|
||||
|
||||
Change the policy for group `newgroup` to `putonly` canned policy.
|
||||
|
||||
```
|
||||
mc admin policy set myminio putonly group=newgroup
|
||||
mc admin policy attach myminio putonly --group=newgroup
|
||||
```
|
||||
|
||||
### 7. List all users or groups
|
||||
|
||||
@@ -50,7 +50,7 @@ EOF
|
||||
Create new canned policy by name `userManager` using `userManager.json` policy file.
|
||||
|
||||
```
|
||||
mc admin policy add myminio userManager adminManageUser.json
|
||||
mc admin policy attach myminio userManager adminManageUser.json
|
||||
```
|
||||
|
||||
Create a new admin user `admin1` on MinIO use `mc admin user`.
|
||||
@@ -62,7 +62,7 @@ mc admin user add myminio admin1 admin123
|
||||
Once the user is successfully created you can now apply the `userManage` policy for this user.
|
||||
|
||||
```
|
||||
mc admin policy set myminio userManager user=admin1
|
||||
mc admin policy attach myminio userManager --user=admin1
|
||||
```
|
||||
|
||||
This admin user will then be allowed to perform create/delete user operations via `mc admin user`
|
||||
@@ -73,8 +73,8 @@ This admin user will then be allowed to perform create/delete user operations vi
|
||||
mc alias set myminio-admin1 http://localhost:9000 admin1 admin123 --api s3v4
|
||||
|
||||
mc admin user add myminio-admin1 user1 user123
|
||||
mc admin policy add myminio-admin1 user1policy ~/user1policy.json
|
||||
mc admin policy set myminio-admin1 user1policy user=user1
|
||||
mc admin policy attach myminio-admin1 user1policy ~/user1policy.json
|
||||
mc admin policy attach myminio-admin1 user1policy --user=user1
|
||||
```
|
||||
|
||||
### 4. List of permissions defined for admin operations
|
||||
|
||||
@@ -64,12 +64,12 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
|
||||
|
||||
./mc admin replicate add minio1 minio2 minio3
|
||||
|
||||
./mc admin policy set minio1 consoleAdmin user="uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
|
||||
./mc admin policy attach minio1 consoleAdmin --user="uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
|
||||
sleep 5
|
||||
|
||||
./mc admin user info minio2 "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
|
||||
./mc admin user info minio3 "uid=dillon,ou=people,ou=swengg,dc=min,dc=io"
|
||||
./mc admin policy add minio1 rw ./docs/site-replication/rw.json
|
||||
./mc admin policy create minio1 rw ./docs/site-replication/rw.json
|
||||
|
||||
sleep 5
|
||||
./mc admin policy info minio2 rw >/dev/null 2>&1
|
||||
|
||||
@@ -61,14 +61,14 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
|
||||
## add foobar-g group with foobar
|
||||
./mc admin group add minio2 foobar-g foobar
|
||||
|
||||
./mc admin policy set minio1 consoleAdmin user=foobar
|
||||
./mc admin policy attach minio1 consoleAdmin --user=foobar
|
||||
sleep 5
|
||||
|
||||
./mc admin user info minio2 foobar
|
||||
|
||||
./mc admin group info minio1 foobar-g
|
||||
|
||||
./mc admin policy add minio1 rw ./docs/site-replication/rw.json
|
||||
./mc admin policy create minio1 rw ./docs/site-replication/rw.json
|
||||
|
||||
sleep 5
|
||||
./mc admin policy info minio2 rw >/dev/null 2>&1
|
||||
@@ -299,7 +299,7 @@ if [ $? -ne 0 ]; then
|
||||
echo "adding user failed, exiting.."
|
||||
exit_1;
|
||||
fi
|
||||
./mc admin policy set minio1 consoleAdmin user=foobarx
|
||||
./mc admin policy attach minio1 consoleAdmin --user=foobarx
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "adding policy mapping failed, exiting.."
|
||||
exit_1;
|
||||
@@ -307,7 +307,7 @@ fi
|
||||
sleep 10
|
||||
|
||||
# unset policy for foobarx in minio2
|
||||
./mc admin policy unset minio2 consoleAdmin user=foobarx
|
||||
./mc admin policy detach minio2 consoleAdmin --user=foobarx
|
||||
if [ $? -ne 0 ]; then
|
||||
echo "unset policy mapping failed, exiting.."
|
||||
exit_1;
|
||||
@@ -318,10 +318,10 @@ fi
|
||||
|
||||
sleep 10
|
||||
|
||||
# Test whether policy unset replicated to minio1
|
||||
# Test whether policy detach replicated to minio1
|
||||
policy=$(./mc admin user info minio1 foobarx --json | jq -r .policyName)
|
||||
if [ "${policy}" != "null" ]; then
|
||||
echo "expected policy unset to have replicated, exiting..."
|
||||
echo "expected policy detach to have replicated, exiting..."
|
||||
exit_1;
|
||||
fi
|
||||
|
||||
|
||||
@@ -65,7 +65,7 @@ export MC_HOST_minio3=http://minio:minio123@localhost:9003
|
||||
|
||||
./mc admin replicate add minio1 minio2 minio3
|
||||
|
||||
./mc admin policy add minio1 projecta ./docs/site-replication/rw.json
|
||||
./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
|
||||
sleep 5
|
||||
|
||||
./mc admin policy info minio2 projecta >/dev/null 2>&1
|
||||
@@ -94,7 +94,7 @@ if [ $? -eq 0 ]; then
|
||||
exit_1;
|
||||
fi
|
||||
|
||||
./mc admin policy add minio1 projecta ./docs/site-replication/rw.json
|
||||
./mc admin policy create minio1 projecta ./docs/site-replication/rw.json
|
||||
sleep 5
|
||||
|
||||
# Generate STS credential with STS call to minio1
|
||||
|
||||
@@ -39,7 +39,7 @@ time="2020-07-12T20:45:50Z" level=info msg="listening (http) on 0.0.0.0:5556"
|
||||
```
|
||||
|
||||
```
|
||||
~ mc admin policy add admin allaccess.json
|
||||
~ mc admin policy create admin allaccess.json
|
||||
```
|
||||
|
||||
Contents of `allaccess.json`
|
||||
@@ -95,7 +95,7 @@ Now you have successfully configured Dex IdP with MinIO.
|
||||
export MINIO_IDENTITY_OPENID_CLAIM_NAME=groups
|
||||
```
|
||||
|
||||
and add relevant policies on MinIO using `mc admin policy add myminio/ <group_name> group-access.json`
|
||||
and add relevant policies on MinIO using `mc admin policy create myminio/ <group_name> group-access.json`
|
||||
|
||||
## Explore Further
|
||||
|
||||
|
||||
@@ -153,7 +153,7 @@ In the configuration variables, `%s` is substituted with the _username_ from the
|
||||
Access policies may be associated by their name with a group or user directly. Access policies are first defined on the MinIO server using IAM policy JSON syntax. To define a new policy, you can use the [AWS policy generator](https://awspolicygen.s3.amazonaws.com/policygen.html). Copy the policy into a text file `mypolicy.json` and issue the command like so:
|
||||
|
||||
```sh
|
||||
mc admin policy add myminio mypolicy mypolicy.json
|
||||
mc admin policy create myminio mypolicy mypolicy.json
|
||||
```
|
||||
|
||||
To associate the policy with an LDAP user or group, use the full DN of the user or group:
|
||||
@@ -163,7 +163,7 @@ mc admin idp ldap policy attach myminio mypolicy --user='uid=james,cn=accounts,d
|
||||
```
|
||||
|
||||
```sh
|
||||
mc admin idp ldap policy attach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
|
||||
mc admin idp ldap policy attach myminio mypolicy ----group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
|
||||
```
|
||||
|
||||
To remove a policy association, use the similar `detach` command:
|
||||
@@ -173,7 +173,7 @@ mc admin idp ldap policy detach myminio mypolicy --user='uid=james,cn=accounts,d
|
||||
```
|
||||
|
||||
```sh
|
||||
mc admin idp ldap policy detach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
|
||||
mc admin idp ldap policy detach myminio mypolicy ----group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
|
||||
```
|
||||
|
||||
|
||||
@@ -184,12 +184,12 @@ Note that the commands above attempt to validate if the given entity (user or gr
|
||||
Please **do not use** these as they may be removed or their behavior may change.
|
||||
|
||||
```sh
|
||||
mc admin policy set myminio mypolicy user='uid=james,cn=accounts,dc=myldapserver,dc=com'
|
||||
mc admin policy attach myminio mypolicy --user='uid=james,cn=accounts,dc=myldapserver,dc=com'
|
||||
```
|
||||
|
||||
|
||||
```sh
|
||||
mc admin policy set myminio mypolicy group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
|
||||
mc admin policy attach myminio mypolicy --group='cn=projectx,ou=groups,ou=hwengg,dc=min,dc=io'
|
||||
```
|
||||
|
||||
</details>
|
||||
|
||||
Reference in New Issue
Block a user